Everyone handling card data must comply with the PCI DSS requirements. However, the requirements differ in how merchants must document that they meet the security standard.
Depending on their revenue, merchants must provide different documentation of compliance with the PCI DSS requirements. The rules apply to all types of agreement. Nets will contact you if you reach level 1, 2 or 3.
If you have access to card data, you must have an annual audit performed by a Qualified Security Assessor (QSA) and quarterly network scans performed by an Approved Scanning Vendor (ASV). If you do not have access to card data, you must fill out a PCI questionnaire.
You must fill out a PCI questionnaire once a year. Furthermore, if you have access to card data, you must have a quarterly network scan performed by an ASV.
Same requirements as level 2.
Nets recommends that you carry out a network scan and also fill out a PCI questionnaire once a year. All level 4 merchants with access to card data must meet the PCI DSS requirements. Most data theft happens at small and medium-sized merchants that lack the necessary security.
List of Qualified Security Assessors (QSA) – businesses certified to audit systems that must comply with the PCI DSS requirements.
List of Approved Scanning Vendors (ASV) – businesses approved to scan IT systems.